• IDP Daily Update #1246
  posted: 08/19/08
  
• NSM Daily Update #1246
  posted: 08/19/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1246
  posted: 08/19/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1227
  posted: 08/19/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 08/18/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: File Upload Script PHPBB Module Arbitrary Script Upload Vulnerability

Severity: HIGH

Description:

File Upload Script is a phpBB module that allows users to upload files to a Web site.

File Upload Script is reported prone to an arbitrary script upload vulnerability. This issue results from insufficient sanitization of user-supplied data.

It is reported that the 'up.php' script does not sanitize file extensions prior to uploading a user-supplied file. This can allow an attacker to upload arbitrary PHP scripts to a computer.

If successful, the attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server.

All versions of File Upload Script are considered vulnerable at the moment.

Affected Products:

• File Upload Script File Upload Script 1.1.0

References:

• Meilad: File Upload Script